I'm configuring a new ASA 5505 for deployment as a VPN endpoint in a remote office. After configuring it and connecting the VPN, I get the following messages:
WARNING: Pool (10.6.89.200) overlap with existing pool.
ERROR: IP address,mask <10.10.0.0,93.137.70.9> doesn't pair
10.6.89.200 is the address I configured for the ASA. It has the subnet mask 255.255.255.0.
The ip address 10.10.0.0 corresponds to one of our subnets, but it certainly wouldn't have a subnet mask of 93.137.70.9. That looks more like a public IP address (and resolves to an ADSL connection somewhere). I am sure if we had such a subnet configured, that it would indeed overlap with 10.6.89.200.
There is no reference to 93.137.70.9 in the config of this ASA or our head office ASA.
Can anyone shed light on what is going on here? The sudden appearance of a strange subnet mask is a bit alarming.
Best Answer
Ok... you gave the device 10.6.89.200, with a /24 mask, /24 is another way of representing 255.255.255.0. You have given 24 out of 32 available bits to the "network" leaving 8 for the hosts. That means the only hosts your device can directly talk to on that interface will have to have an address of 10.6.89.1-199 or 10.6.89.201-254. You've taken .200, and .0 and .255 are given up as overhead one being for the network the other for broadcast.
I believe what the message is saying, is that the network you tried to assign to a pool is not part of any network you've define elsewhere.
Is the "outside" interface of this ASA set to DHCP perhaps? Is it retrieving that IP from your ISP?